Search This Blog

Tuesday, 18 March 2014

My own primitive Single Sign On - Part 2

In the previous post I started on creating of my custom SSO solution. I have decided to name it "SimplySSO". To continue with the application flow, lets start with the login flow:
User attempts to access PlatformAppA:

 Since the user was not logged in, he was redirected to the AuthPlatform. The AuthPlatform immediately responded with a login page. Once the user submitted his credentials, the AuthPlatform began the process of authentication:
Once the AuthPlatform has authenticated the user, it will create a session (yes HTTP Session) to track this user's requests. It will now redirect the user back to requested resource - PlatformApp1/index.jsp
PlatformApp1 will also have some infomration that it would like to maintain in a user session. It cannot use the AuthPlatform session as that belongs to the AuthPlatform. To avoid pollution of AuthPlatform session, we have each PlatformApp create its own session.
 Now that all setup is complete, the user can see his page (finally !)

A question that comes here is how did the PlatformApp find out about the existence of an authenticated session for user Robin ? There is a dirty trick here that I haven't spoken about yet. Lets look at the session information again:
Now that we have seen how this is done for one PlatformApp, lets try and extend this behavior to N apps.


  1. Great Robs :)

    this will really help us to understand SSO in application.

    Thanks again,